Service-oriented Computing (SOC) has emerged as a widely accepted paradigm for building large and complex web applications. Recently, service-oriented architectures have been used to build several Internet based business applications. Web services have become a widely accepted standard-based instantiation of service-oriented computing as a viable platform for integrating scientific as well as business applications that operate in distributed and heterogeneous environments.
As is known, the World Wide Web Consortium (W3C) defines a web service as a software system designed to support interoperable machine to machine interaction over a network. Web services are frequently merely web application programming interfaces (APIs) that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. The W3C web service definition encompasses many different systems, but in common usage the term refers to clients and servers that communicate Extensible Markup Language (XML) messages that follow the Simple Object Access Protocol (SOAP) standard.
In this setting, service composition has been heavily used for implementing complex, massively distributed applications that span multiple autonomous organizations. Hence, it becomes very important to be able to control the security properties of such compositions in order to guarantee security in such applications.
The goal of an access control model in a web service application is to answer the following yes or no question: can a principle P invoke a method M on service S? In an application built using service composition it is difficult to define the calling principle P since the request might have propagated along multiple hops (through different principles and services). For instance, consider a supply chain management (SCM) application composed of three entities: customers, a retailer system and a manufacturer system. A retailer system may include a retail manager role and a composition of three services: a retail service, a warehouse service and a database service. In a SCM application, we need to distinguish a retail manager accessing the database service through the retail service and a retail manager accessing the database service through the warehouse service. While the former may have retail manager-like privileges on the database service, the later may have only employee-like privileges.
WS-Security is a communications protocol that provides a mechanism for applying security to web services. More particularly, WS-Security describes enhancements to SOAP messaging to provide message integrity, confidentiality, and single message authentication in a way that can accommodate a wide variety of security models and encryption technologies. WS-Policy provides a general purpose model and a specification language to describe and communicate the policies of a web service. WS-Security Policy, built on the WS-Policy and the WS-Policy Assertion protocols, is a declarative XML format for programming the precise techniques used by web service implementations to construct and check WS-Security headers.
Unfortunately, most of these methodologies treat applications and services as monolithic entities. None of these models treat service composition as a first class entity or provide constructs for specifying security policies for web service compositions. Further, there is no unified methodology for expressing and enforcing access control rules in large and complex web service compositions.
Accordingly, improved access control techniques for use in a service-oriented computing environment are needed.